I've updated the patches linked to in the last post with today's work. Both
sides now end up with the same shared key (and not just because they got the
same private key from lack of entropy like before). That took some fun tracking
down of bugs.

Also, packets are now HMAC-MD5'ed with the shared key, and invalid packets
are dropped. That also took far longer than expected. I ended up using the MD5
implementation from the CIFS filesystem because the kernel's crypto library is
just plain terrible. It's also totally undocumented but, from what I can see,
you can't lookup an algorithm without taking a semaphore, and that requires
that you be able to sleep. I almost think I must be missing something because
that's dumber than the bastard offspring of Randy Hickey and Jade Goodie.